How to use Python scripts to download pcap files from Security Analytics using the Packet Analyzer API

Article ID: 168709

Updated On:

Products

Security Analytics

Issue/Introduction

Resolution

The following example shows how a Python script can download packet captures from Security Analytics through the Packet Analyzer API.

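from SoleraConnector import SoleraConnector
# Username, API key and appliance IP address (placeholders, see the note below)
sc = SoleraConnector("admin", "API_Key_Here", "Security_Analytics_IP_Address")
# Capture path (time span and import ID), output type and display filter
data = {'pcap': '/timespan/2015-04-30T16:07:20+08:00_2015-04-30T16:09:48+08:00/import_id/46/data.pcap', 'pcapType': 'pcap', 'filter': 'ip.addr==10.10.10.10 and ip.addr==10.10.10'}
# Request the download; the last argument is the name of the output file
sc.callAPI("GET", "/packet_analyzer/download", data, "filename.pcap")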



If the packet capture was not imported, use the following, which omits the import_id segment from the path:

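from SoleraConnector import SoleraConnector
# Username, API key and appliance IP address (placeholders, see the note below)
sc = SoleraConnector("admin", "API_Key_Here", "Security_Analytics_IP_Address")
# Capture path (time span only, no import ID), output type and display filter
data = {'pcap': '/timespan/2015-04-30T16:07:20+08:00_2015-04-30T16:09:48+08:00/data.pcap', 'pcapType': 'pcap', 'filter': 'ip.addr==10.10.10.10 and ip.addr==10.10.10'}
# Request the download; the last argument is the name of the output file
sc.callAPI("GET", "/packet_analyzer/download", data, "filename.pcap")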


Note:
admin: an account with rights to download the packet capture.
API_Key_Here: the API key for the admin user.
Security_Analytics_IP_Address: the IP address of your Security Analytics system.
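
The following is an added example, not part of the original article or the vendor's code. It builds the request dictionary from timezone-aware timestamps instead of a hand-typed path and reads the credentials from the environment rather than hardcoding the API key in the script. The path layout is inferred from the two examples above; the helper names and the SA_USER, SA_API_KEY and SA_HOST environment variable names are assumptions.

```python
import os
from datetime import datetime


def build_pcap_path(start, end, import_id=None):
    """Build the 'pcap' path for a time span, optionally scoped to an import."""
    for ts in (start, end):
        if ts.tzinfo is None:
            # The paths in the article carry an explicit UTC offset (+08:00)
            raise ValueError("timestamps must include a UTC offset")
    if end <= start:
        raise ValueError("end must be later than start")
    span = "{}_{}".format(start.isoformat(timespec="seconds"),
                          end.isoformat(timespec="seconds"))
    parts = ["", "timespan", span]
    if import_id is not None:
        # int() rejects anything that is not a plain number, so no stray
        # path segments can be smuggled in through import_id
        parts += ["import_id", str(int(import_id))]
    return "/".join(parts + ["data.pcap"])


def build_request(start, end, display_filter, import_id=None):
    """Return the data dict passed to /packet_analyzer/download."""
    return {
        "pcap": build_pcap_path(start, end, import_id),
        "pcapType": "pcap",
        "filter": display_filter,
    }


if __name__ == "__main__":
    from SoleraConnector import SoleraConnector

    # Hypothetical variable names; keeps the API key out of the script file
    sc = SoleraConnector(os.environ["SA_USER"], os.environ["SA_API_KEY"],
                         os.environ["SA_HOST"])
    start = datetime.fromisoformat("2015-04-30T16:07:20+08:00")
    end = datetime.fromisoformat("2015-04-30T16:09:48+08:00")
    # Constructed sample filter
    data = build_request(start, end, "ip.addr==10.10.10.10", import_id=46)
    sc.callAPI("GET", "/packet_analyzer/download", data, "filename.pcap")
```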